Overview[1] #

We have gathered LDAP Result Code from several sources including our own observations.

The IANA Registry resultCode values is the "official" listing.

More Specific LDAP Result Codes:#

NOTE LDAP Error Codes vs LDAP Result Codes#

LDAP is a request-response protocol and each request, is followed by a response. A success result code (0) implies all is well.

Though many people refer to them as LDAP Error Codes, they are really LDAP Result codes. Other result codes may or may not be errors.

Anyhow, here you can find many LDAP Result Codes and what they imply.

Result Code values - per RFC 4520#

All LDAP Result Codes are registered in the IANA Registry resultCode values as described in RFC 4520

We list them here as they were on 2016-08-05:

HexDecimalNameOwnerReferenceINITDescription
0x000LDAP_SUCCESSIESGRFC 4511DSAThis is used to indicate that the associated operation completed successfully.
0x011LDAP_OPERATIONS_ERRORIESGRFC 4511DSAThis is used to indicate that the associated request was out of sequence with another operation in progress (e.g., a non-bind request in the middle of a multi-stage SASL bind).It does not indicate that the client has sent an erroneous message.
eDirectory: In NDS 8.3x through NDS 7.xx, this was the default error for NDS errors that did not map to an LDAP error code. To conform to the new LDAP drafts, NDS 8.5 uses 80 (0x50) for such errors.
0x022LDAP_PROTOCOL_ERRORIESGRFC 4511DSAThis is used to indicate that the client (DUA) sent data to the server that did not comprise a valid LDAP request.
0x033LDAP_TIMELIMIT_EXCEEDEDIESGRFC 4511DSAThis is used to indicate that processing on the associated request time limit specified by either the client request or the server administration limits has been exceeded and has been terminated because it took too long to complete. For a SearchRequest operation, it is possible that some of the matching entries had been returned when the time limit was reached.
0x044LDAP_SIZELIMIT_EXCEEDEDIESGRFC 4511DSAThis is used to indicate that there were more entries matching the criteria contained in a SearchRequest operation than were allowed to be returned by the size limit configuration. Incomplete results may be returned.
0x055LDAP_COMPARE_FALSEIESGRFC 4511DSADoes not indicate an error condition. This is used to indicate that a Compare Request operation completed successfully, but the provided attribute value assertion did not match the target entry.
0x066LDAP_COMPARE_TRUEIESGRFC 4511DSADoes not indicate an error condition. This is used to indicate that a Compare Request operation completed successfully, and the provided attribute value assertion matched the target entry.
0x077LDAP_AUTH_METHOD_NOT_SUPPORTEDIESGRFC 4511DSAThis is used to indicate that the Directory Server does not support the requested Authentication Method.
0x088LDAP_STRONG_AUTH_REQUIREDIESGRFC 4511DSAIndicates one of the following:
* In Bind Requests, the LDAP server accepts only strong authentication.
* In a client request, the client requested an operation such as Delete Request that requires strong authentication.
* In an Unsolicited Notification of disconnection, the LDAP server discovers the security protecting the communication between the client and server has unexpectedly failed or been compromised.
0x099reserved(partialResults)IESGRFC 4511N/AN/A
0x0A10LDAP_REFERRALIESGRFC 4511DSADoes not indicate an error condition. In LDAPv3, indicates that the server does not hold the target entry of the request, but that the servers in the LDAP Referral field may.
0x0B11LDAP_ADMINLIMIT_EXCEEDEDIESGRFC 4511DSA
0x0C12LDAP_UNAVAILABLE_CRITICAL_EXTENSIONIESGRFC 4511DSAIndicates that the LDAP server was unable to satisfy a request because one or more critical extensions were not available. Either the server does not support the control or the control is not appropriate for the operation type.
0x0D13LDAP_CONFIDENTIALITY_REQUIREDIESGRFC 4511DSAIndicates that the session is not protected by a protocol such as Transport Layer Security (TLS), which provides session confidentiality and the request will not be handled without confidentiality enabled.
0x0E14LDAP_SASL_BIND_IN_PROGRESSIESGRFC 4511DSADoes not indicate an error condition, but indicates that the server is ready for the next step in the process. The client must send the server the same SASL Mechanism to continue the process.
0x0F15Not used.N/AN/AN/AN/A
0x1016LDAP_NO_SUCH_ATTRIBUTEIESGRFC 4511DSAIndicates that the attribute specified in the Modify Request or Compare Request operation does not exist in the entry.
0x1117LDAP_UNDEFINED_TYPEIESGRFC 4511DSAIndicates that the attribute specified in the modify or add operation does not exist in the LDAP server's schema.
0x1218LDAP_INAPPROPRIATE_MATCHINGIESGRFC 4511DSAIndicates that the matching rule specified in the search filter does not match a rule defined for the attribute's syntax.
0x1319LDAP_CONSTRAINT_VIOLATIONIESGRFC 4511DSAIndicates that the attribute value specified in a Add Request, Modify Request or ModifyDNRequest operation violates constraints placed on the attribute. The constraint can be one of size or content (string only, no binary).
0x1420LDAP_TYPE_OR_VALUE_EXISTSIESGRFC 4511DSAIndicates that the attribute value specified in a Add Request or Modify Request operation already exists as a value for that attribute.
0x1521LDAP_INVALID_SYNTAXIESGRFC 4511DSAIndicates that the attribute value specified in an Add Request, Compare Request, or Modify Request operation is an unrecognized or invalid syntax for the attribute.
N/A22-31Not used.N/AN/AN/AN/A
0x2032LDAP_NO_SUCH_OBJECTIESGRFC 4511DSAIndicates the target object cannot be found. This code is NOT returned on following operations:
* SearchRequest operations that find the BaseDN but cannot find any LDAP entries that match the search filter.
* Bind Request operations.
0x2133LDAP_ALIAS_PROBLEMIESGRFC 4511DSAIndicates that an error occurred when an alias was dereferenced.
0x2234LDAP_INVALID_DN_SYNTAXIESGRFC 4511DSAIndicates that the syntax of the DN is incorrect. (If the DN syntax is correct, but the LDAP server's structure rules do not permit the operation, the server returns LDAP_UNWILLING_TO_PERFORM.)
0x2335LDAP_IS_LEAF(Some Server RESERVED)IESGRFC 4511DSAIndicates that the specified operation cannot be performed on a leaf entry. (This code is not currently in the LDAP specifications, but is reserved for this constant.)
0x2436LDAP_ALIAS_DEREF_PROBLEMIESGRFC 4511DSAIndicates that during a SearchRequest operation, either the client does not have access rights to read the aliased object's name or dereferencing is not allowed.
N/A37-47reservedN/AN/AN/AN/A
0x3048LDAP_INAPPROPRIATE_AUTHIESGRFC 4511DSAIndicates that during a Bind Request operation, the client is attempting to use an authentication Method that the client cannot use correctly. For example, either of the following cause this error:
* The client returns simple credentials when strong credentials are required.
* The client returns a DN and a password for a simple bind when the entry does not have a password defined.
0x3149LDAP_INVALID_CREDENTIALSIESGRFC 4511DSAIndicates that during a Bind Request operation one of the following occurred:
* The client passed either an incorrect DN or password.
* The password is incorrect because it has expired, Intruder Detection has locked the account, or some other similar reason.
0x3250LDAP_INSUFFICIENT_ACCESSIESGRFC 4511DSAIndicates that the caller does not have sufficient rights to perform the requested operation.
0x3351LDAP_BUSYIESGRFC 4511DSAIndicates that the LDAP server is too busy to process the client request at this time but if the client waits and resubmits the request, the server may be able to process it then.
0x3452LDAP_UNAVAILABLEIESGRFC 4511DSAIndicates that the LDAP server cannot process the client's bind request, usually because it is shutting down.
0x3553LDAP_UNWILLING_TO_PERFORMIESGRFC 4511DSAIndicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:
* The Add Request violates the server's structure rules.
* The Modify Request specifies attributes that users cannot modify.
* Password restrictions prevent the action.
* Connection restrictions prevent the action.
0x3654LDAP_LOOP_DETECTIESGRFC 4511DSAIndicates that the client discovered an alias or LDAP Referral loop, and is thus unable to complete this request.
N/A55-63reservedIESGN/AN/AN/A
0x4064LDAP_NAMING_VIOLATIONIESGRFC 4511DSAIndicates that the Add Request or Modify DN Request operation violates the schema's structure rules. For example:
* The request places the entry subordinate to an alias.
* The request places the entry subordinate to a container that is forbidden by the containment rules.
* The RDN for the entry uses a forbidden attribute type.
0x4165LDAP_OBJECT_CLASS_VIOLATIONIESGRFC 4511DSAIndicates that the Add Request, Modify Request, or modify DN operation violates the object class rules for the entry. For example, the following types of request return this error:
* The add or modify operation tries to add an entry without a value for a required attribute.
* The add or modify operation tries to add an entry with a value for an attribute which the class definition does not contain.
* The modify operation tries to remove a required attribute without removing the auxiliary class that defines the attribute as required.
0x4266LDAP_NOT_ALLOWED_ON_NONLEAFIESGRFC 4511DSAIndicates that the requested operation is permitted only on leaf entries. For example, the following types of requests return this error:
* The client requests a delete operation on a parent entry.
* The client request a modify DN operation on a parent entry.
0x4367LDAP_NOT_ALLOWED_ON_RDNIESGRFC 4511DSAIndicates that the modify operation attempted to remove an attribute value that forms the entry's relative distinguished name.
0x4468LDAP_ALREADY_EXISTSIESGRFC 4511DSAIndicates that the add operation attempted to add an entry that already exists, or that the modify operation attempted to rename an entry to the name of an entry that already exists.
0x4569LDAP_NO_OBJECT_CLASS_MODSIESGRFC 4511DSAIndicates that the modify operation attempted to modify the structure rules of an object class.
0x4670LDAP_RESULTS_TOO_LARGEIESGRFC 4511DSAReserved for CLDAP.
0x4771LDAP_AFFECTS_MULTIPLE_DSAS DSAIndicates that the modify DN operation moves the entry from one LDAP server to another and thus requires more than one LDAP server.
N/A72-79reservedIESGN/AN/AN/A
0x5080LDAP_OTHERIESGRFC 4511DSAIndicates an unknown error condition. This is the default value for NDS error codes which do not map to other LDAP error codes.
N/A81-90reserved (LDAP Client Error And Result Codes) IESGRFC 4511DUAreserved (LDAP Client Error And Result Codes) APIs May Vary by API Implementation
0x5181LDAP_SERVER_DOWN DUAclient-side result code that indicates that the LDAP libraries cannot establish an initial connection with the LDAP server. Either the LDAP server is down or the specified host name or port number is incorrect.
0x5282LDAP_LOCAL_ERROR DUAclient-side result code Indicates that the LDAP client has an error. This is usually a failed dynamic memory allocation error.
0x5383LDAP_ENCODING_ERROR DUAclient-side result code Indicates that the LDAP client encountered errors when encoding an LDAP request intended for the LDAP server.
0x5484LDAP_DECODING_ERROR DUAclient-side result code Indicates that the LDAP client encountered errors when decoding an LDAP response from the LDAP server.
0x5585LDAP_TIMEOUT DUAclient-side result code that indicates that the time limit of the LDAP client was exceeded while waiting for a result.
0x5686LDAP_AUTH_UNKNOWN DUAclient-side result code Indicates that a bind method was called with an unknown authentication method.
0x5787LDAP_FILTER_ERROR DUAclient-side result code Indicates that the search method was called with an invalid search filter.
0x5888LDAP_USER_CANCELLED DUAclient-side result code Indicates that the user cancelled the LDAP operation.
0x5989LDAP_PARAM_ERROR DUAclient-side result code Indicates that an invalid parameter was supplied
0x5a90LDAP_NO_MEMORY DUAclient-side result code Indicates that a dynamic memory allocation method failed when calling an LDAP method.
0x5b91LDAP_CONNECT_ERROR DUAclient-side result code that indicates that the LDAP client has lost either its connection or cannot establish a connection to the LDAP server.
0x5c92LDAP_NOT_SUPPORTED DUAclient-side result code Indicates that the requested functionality is not supported by the client. For example, if the LDAP client is established as an LDAPv2 client, the libraries set this error code when the client requests LDAPv3 functionality.
0x5d93LDAP_CONTROL_NOT_FOUND DUAclient-side result code Indicates that the client requested a control that the libraries cannot find in the list of supported controls sent by the LDAP server.
0x5e94LDAP_NO_RESULTS_RETURNED DUAA client-side result code Indicates that the LDAP server sent no results.
0x5f95LDAP_MORE_RESULTS_TO_RETURN DUAclient-side result code that indicates that more results are chained in the result message.
0x6096LDAP_CLIENT_LOOP DUAclient-side result code that indicates the LDAP libraries detected a loop. Usually this happens when following referrals.
0x6197LDAP_REFERRAL_LIMIT_EXCEEDED DUAclient-side result code that indicates that the referral exceeds the hop limit. The default hop limit is ten.
0x64100INVALID_RESPONSE DUAThis is a client-side result code that is used to indicate that the result received from the server was ambiguous (for example, there was more than one response received fro the associated operation).
0x65101AMBIGUOUS_RESPONSE DUAThis is a client-side result code that is used to indicate that the result received from the server was ambiguous (for example, there was more than one response received fro the associated operation).
0x70112TLS_NOT_SUPPORTED DSAIndicates that TLS is not supported on the server.
0x71113lcupResourcesExhaustedIESGRFC 3928DSAThe server is running out of resources. LDAP Client Update Protocol
0x72114lcupSecurityViolationIESGRFC 3928DSAthe client is suspected of malicious actions. LDAP Client Update Protocol
0x73115lcupInvalidDataIESGRFC 3928DSAinvalid cookie was supplied by the client - both/either the scheme and/or the value part was invalid . LDAP Client Update Protocol
0x74116lcupUnsupportedSchemeIESGRFC 3928DSAThe scheme part of the cookie is a valid OID but is not supported by this server. LDAP Client Update Protocol
0x75117lcupReloadRequiredIESGRFC 3928DSAindicates that client data needs to be reinitialized. This reason is returned if the server does not synchronize the client or if the server's data was reloaded since the last synchronization session. LDAP Client Update Protocol
0x78118canceledIESGRFC 3909DSAThe Cancel request is an ExtendedRequest with the requestName field containing 1.3.6.1.1.8 and a requestValue field which contains a BER-encoded cancelRequestValue value.
0x79119noSuchOperationIESGRFC 3909DSAReturned if the server has no knowledge of the operation requested for cancellation.
0x7A120tooLateIESGRFC 3909DSAReturned to indicate that it is too late to cancel the outstanding operation.
0x7B121cannotCancelIESGRFC 3909DSAReturned if the identified operation does not support cancellation or the cancel operation could not be performed.
0x7C122assertionFailedIESGRFC 4528DSAWhen the control is attached to an LDAP request, the processing of the request is conditional on the evaluation of the Filter as applied against the target of the operation. If the Filter evaluates to TRUE, then the request is processed normally. If the Filter evaluates to FALSE or Undefined, then assertionFailed (122) resultCode is returned, and no further processing is performed.
0x7D123authorizationDeniedWELTMANRFC 4532DSAUsed to indicate that the server does not allow the client to assume the asserted identity.
N/A4096-16383First Come, First Serve RangeN/AN/AN/AFirst Come, First Serve Range
0x7D4096e-syncRefreshRequiredKurt Zeilenga Jong Hyuk ChoiRFC 4533DSAspecification describes the LDAP allowing a DUA to maintain a copy of a fragment of the DIT.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-100) was last changed on 22-May-2017 11:05 by jim